PT-2017-11914 · Imagemagick · Imagemagick

Jgj212

Published

2017-07-13

Updated

2019-10-03

CVE-2017-11310

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ImageMagick version 7.0.6-1 Q16 2017-06-21 (beta)

Description The issue is related to memory leak vulnerabilities in the read user chunk callback function, located in coderspng.c, which can be exploited via crafted PNG files.

Recommendations For ImageMagick version 7.0.6-1 Q16 2017-06-21 (beta), consider restricting the use of the read user chunk callback function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

CVE-2017-11310

Affected Products

Imagemagick

PT-2017-11914 · Imagemagick · Imagemagick

CVE-2017-11310

Weakness Enumeration

Related Identifiers

Affected Products

References · 5